Sophos Cloud installer and the detection of other security software

Article ID:
119619

Updated:
06 Apr 2015

This article provides information on how the Sophos Cloud installer detects and removes third-party security software prior to installation. This should prove helpful when encountering the following message during installation:

Unable to Proceed

Sophos Endpoint Security and Control cannot be installed while third-party security software is on this computer.

To remove conflicting software during installation, run the installer again and select 'Remove conflicting third-party security software'.

Alternatively, software can be removed with Control Panel.

Notes:

Often third-part uninstallers do not remove all traces of the application. A common issue seen is that the applications 'uninstall' registry key (related information in article 121447) is left behind that the Sophos CRT detects. The avremove.log can be used to find the keys being detected by the CRT. Tip: search for the word 'detected'.

It may be beneficial to upgrade or downgrade the competitor product in order to better match a version that we do detect. The information below details how to export a list of third-party security products the CRT currently detects.

As most applications today are MSI based, it may be a simple task to automate the removal of a product with a script prior the installation of Sophos, especially if you are scripting the installation of Sophos as per the guidance in article 120611. For general guidance on removing applications in a scripted way see article 121447.

It is also suggested where possible to disable any anti-tamper functionality of the third-party product, especially where passwords are configured.

By default the Sophos Installer runs the check for third-party security products and removes them when found before installation. This behavior can be changed if required - for more information see article 120613 on how to do this as part of a scripted install.

Issue

This article is appropriate where:

a third-party product is detected that has already been removed,

another security product fails to be detected,

removal of a detected product fails.

First seen in/Applies to

Sophos Cloud

What To Do

A third party product is detected that has already been removed

Check the 'avremove.log' file created by the Sophos Installer; by default it is created in the installing users temp location, i.e. %temp%. E.g. 'C:\users\Bob\AppData\Local\Temp\'.

The lines in the log file shows all the registry keys and markers checked by the Sophos Installer. It maybe that the third-party installer did not fully clean up all traces the Sophos Installer checks for. This log can therefore be used to identify why the third-party application is still being detected. Tip: search for the word 'detected'.

Another security product fails to be detected

To confirm the product is not detected and to help understand why, check the 'avremove.log' file created by the Sophos Installer.

If no third-party applications are detected it should end with the line:No products detected on this system The previous lines in the log file shows all the registry keys checked by the Sophos Installer to identify third-party applications. It maybe obvious from looking at the file why the product is not being found.

Note: To confirm the software versions that are detected by the Sophos Cloud installer, you can do as follows:

Locate the 'crt' directory created by the Sophos Cloud installer. This should be in '%temp%\crt\'.

In an administrative command prompt navigate to the above directory and run:AVRemove.exe --listproducts > crtproducts.txt

Open 'crtproducts.txt' in a text editor to view the versions that are known to be detected.

​If your product isn't detected and you have no errors such as failing to read registry keys due to permissions we suggest you contact Sophos Support.

Removal of a detected product fails

Check the 'avremove.log' file created by the Sophos Installer; by default it is created in the installing users temp location, i.e. %temp%. E.g. 'C:\users\Bob\AppData\Local\Temp\' for errors. It may be obvious as to why removal failed.

If you still are unable to identify why the removal fails, we recommend you attempt to manually remove any third-party security applications detected before re-running the Sophos Cloud installer. To do so: